CWE-252
AllowedUnchecked Return Value
Abstraction: Base · Status: Draft
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
227 vulnerabilities reference this CWE, most recent first.
GHSA-8PCJ-QPRC-8GF2
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2023-02-28 15:30FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
{
"affected": [],
"aliases": [
"CVE-2019-15942"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-05T16:15:00Z",
"severity": "HIGH"
},
"details": "FFmpeg through 4.2 has a \"Conditional jump or move depends on uninitialised value\" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.",
"id": "GHSA-8pcj-qprc-8gf2",
"modified": "2023-02-28T15:30:25Z",
"published": "2022-05-24T16:55:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15942"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-58"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8093"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8W9M-P955-6H6H
Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2023-29243"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T03:15:27Z",
"severity": "MODERATE"
},
"details": "Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.",
"id": "GHSA-8w9m-p955-6h6h",
"modified": "2024-04-04T06:51:30Z",
"published": "2023-08-11T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29243"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97G5-WWGM-HP9G
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
{
"affected": [],
"aliases": [
"CVE-2021-38114"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-04T21:15:00Z",
"severity": "MODERATE"
},
"details": "libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.",
"id": "GHSA-97g5-wwgm-hp9g",
"modified": "2022-05-24T19:09:53Z",
"published": "2022-05-24T19:09:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html"
},
{
"type": "WEB",
"url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4990"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4998"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-99V4-PPRM-GHH2
Vulnerability from github – Published: 2023-01-05 21:30 – Updated: 2023-01-12 03:30A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to apply a patch to fix this issue. VDB-217514 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2014-125043"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-05T20:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to apply a patch to fix this issue. VDB-217514 is the identifier assigned to this vulnerability.",
"id": "GHSA-99v4-pprm-ghh2",
"modified": "2023-01-12T03:30:15Z",
"published": "2023-01-05T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125043"
},
{
"type": "WEB",
"url": "https://github.com/vicamo/NetworkManager/commit/4da19b89815cbf6e063e39bc33c04fe4b3f789df"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217514"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217514"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9CHR-M38J-W26G
Vulnerability from github – Published: 2024-08-30 00:31 – Updated: 2026-01-28 00:31Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
{
"affected": [],
"aliases": [
"CVE-2024-1545"
],
"database_specific": {
"cwe_ids": [
"CWE-1256",
"CWE-252",
"CWE-74"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-29T23:15:10Z",
"severity": "MODERATE"
},
"details": "Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker\u00a0co-resides in the same system with a victim process to\u00a0disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.",
"id": "GHSA-9chr-m38j-w26g",
"modified": "2026-01-28T00:31:37Z",
"published": "2024-08-30T00:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1545"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/7167"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9FR2-R98V-QC2F
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:32B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.
{
"affected": [],
"aliases": [
"CVE-2022-43765"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-08T11:15:00Z",
"severity": "HIGH"
},
"details": "B\u0026R APROL versions \u003c R 4.2-07 doesn\u2019t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.",
"id": "GHSA-9fr2-r98v-qc2f",
"modified": "2024-04-04T05:32:36Z",
"published": "2023-07-06T19:24:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43765"
},
{
"type": "WEB",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QP4-RW2Q-RX7R
Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
set_memory_ro() can fail, leaving memory unprotected.
Check its return and take it into account as an error.
{
"affected": [],
"aliases": [
"CVE-2024-42068"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T16:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()\n\nset_memory_ro() can fail, leaving memory unprotected.\n\nCheck its return and take it into account as an error.",
"id": "GHSA-9qp4-rw2q-rx7r",
"modified": "2025-11-04T00:31:05Z",
"published": "2024-07-29T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42068"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3540e5a7054d6daaf9a1415a48aacb092112a89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdd411af8178edc6b7bf260f8fa4fba1bedd0a6d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9RVW-GG78-WFM7
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2026-06-09 12:31An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.
{
"affected": [],
"aliases": [
"CVE-2025-58903"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T16:15:40Z",
"severity": "LOW"
},
"details": "An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.",
"id": "GHSA-9rvw-gg78-wfm7",
"modified": "2026-06-09T12:31:59Z",
"published": "2025-10-14T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58903"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-653"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9X54-G48C-7W9W
Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-01 00:00An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).
{
"affected": [],
"aliases": [
"CVE-2022-40279"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-29T03:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).",
"id": "GHSA-9x54-g48c-7w9w",
"modified": "2022-10-01T00:00:17Z",
"published": "2022-09-30T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40279"
},
{
"type": "WEB",
"url": "https://github.com/Samsung/TizenRT/issues/5629"
},
{
"type": "WEB",
"url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181"
},
{
"type": "WEB",
"url": "https://linux.die.net/man/3/pcap_dispatch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3CJ-4XXG-MG34
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.
{
"affected": [],
"aliases": [
"CVE-2022-38936"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T11:15:00Z",
"severity": "HIGH"
},
"details": "An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.",
"id": "GHSA-c3cj-4xxg-mg34",
"modified": "2022-09-27T00:00:18Z",
"published": "2022-09-25T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38936"
},
{
"type": "WEB",
"url": "https://github.com/cloudwu/pbc/issues/158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-53
Check the results of all functions that return a value and verify that the value is expected.
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Ensure that you account for all possible return values from the function.
Mitigation
When designing a function, make sure you return a value or throw an exception in case of an error.
No CAPEC attack patterns related to this CWE.